US20130282904A1 - Systems and methods for enabling secure messaging, command, and control of remote devices, communicated via a short message service or other message oriented communications mediums - Google Patents
- Publication number: US20130282904A1 (application Ser. No. 13/671,026)
- Authority: US (United States)
- Prior art keywords: console, message, pmec, devices, services
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/084—Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
- H04W12/086—Access security using security domains
- H04W12/088—Access security using filters or firewalls
Definitions
- FIG. 8 is a non-limiting illustrative embodiment of a web page that allows an authorized user to add/delete/modify administrator/operators to the PMEC system.
- certain privileges and rights can be assigned to each operator/administrator potentially limiting access to PMEC 20 's functionality.
- Other information including, but not limited to an audit trail of what operations a particular operator/administrator issued may also be displayed.
- FIG. 10 and FIG. 11 are non-limiting illustrative embodiments of web pages that enable an authorized operator/administrator to add/modify/delete the device types and carriers that the operator/administrator will use when defining user/device account/profile/configuration information.
- Such configuration may include, but is not limited to, the email gateway information used for sending SMS messages, which MMS URL to use, etc.
- Device type information may include, but is not limited to, message length limitations, any transcoding that may be necessary, which interface to use (such as etherSMS™ or cellular messaging services), etc. Other information can be easily envisioned by those schooled in the art.
- The PMEC exposes a number of APIs via a web services interface that other applications may use to exchange message-oriented and/or command and control information to and from devices within the PMEC's domain.
- This service can then be accessed by an entity's other applications including, but not limited to, Customer Relation Management (CRM), Machine-to-Machine (M2M) communications for infrastructure command and control, etc.
- the application can send the PMEC 20 via standard protocols such as Internet HTTP(s), the user/device identification information (e.g. name, phone number, network ID, etc.) along with the information to be sent.
- the PMEC 20 will then generate a secure message through its cryptographic services.
- A companion application such as ProtectedSMS, as described in co-pending U.S. Provisional Patent Application No. 61/556,635 filed Nov. 7, 2011, cooperates with the PMEC so that these messages are exchanged with the devices in a secure manner.
- The PMEC will then forward the secure message to the at least one customer device via its message router service, sending the message through at least one gateway service such as etherSMS™. Alternate paths may also be available and/or used in conjunction with routing that considers least cost routing, etc. Because ProtectedSMS also allows a message to require a read return receipt, the initiating application can then determine whether the message was at least received by the intended customer device and whether the operator opened it.
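The API flow in the bullets above (an application hands the PMEC a device identifier and a message over HTTP(s); the PMEC seals the message if the device is registered, returns an error when a secure send is requested for an unregistered device, and routes the result through a gateway) is the same path the Description walks through for FIG. 1A, blocks 84 to 90. The following Go program is an added example, not code from the patent or from the PMEC or ProtectedSMS products; it models that dispatch path end to end, console side and device side. Everything the patent leaves unspecified is an assumption here: the cipher suite (ephemeral X25519 agreement with AES-256-GCM), a 4-byte per-device counter bound as associated data so the handset can reject a replayed SMS, the 160-character single-SMS budget, and the names Console, Device, Send and Open.

```go
// Added example; not code from the patent or from the PMEC/ProtectedSMS products. It models the
// console's secure dispatch path: fail-closed send, a per-device counter the handset uses to reject
// replayed SMS, and a one-SMS size budget. Assumed, since the patent leaves them open: X25519 with
// AES-256-GCM for the sealed message and base64 text capped at one 160-char SMS. Names are hypothetical.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

const smsTextLimit = 160 // one single-part SMS in the GSM-7 alphabet, which covers base64
var ErrUnregistered = errors.New("pmec: secure send requested but device has no registered public key")
var ErrOversize = errors.New("pmec: sealed message does not fit in one SMS")
var ErrReplay = errors.New("device: counter not above last accepted value")

// Device is a peer running the companion app; lastSeq is the highest counter it has accepted.
type Device struct{ ID string; priv *ecdh.PrivateKey; lastSeq uint32 }

func NewDevice(id string) (*Device, error) {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	return &Device{ID: id, priv: k}, nil
}

// Console is the PMEC: the public-key registry filled by contact registration, plus per-device counters.
type Console struct{ keys map[string]*ecdh.PublicKey; seq map[string]uint32 }

func NewConsole() *Console { return &Console{keys: map[string]*ecdh.PublicKey{}, seq: map[string]uint32{}} }

// Register stores a device's public key, the outcome of the registration exchange.
func (c *Console) Register(d *Device) { c.keys[d.ID] = d.priv.PublicKey() }

// aead derives AES-256-GCM from the X25519 shared secret (a labelled HKDF would be preferable).
func aead(shared []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Send builds one outbound SMS body; kind is "TEXT" or a command such as "LOCATE" or "WIPE".
// secure=false sends clear text, which the console permits. secure=true fails closed when no
// public key is known instead of silently downgrading to clear text.
func (c *Console) Send(target, kind, body string, secure bool) (string, error) {
	plain := []byte(kind + ":" + body)
	if !secure { return string(plain), nil }
	pub, ok := c.keys[target]
	if !ok { return "", ErrUnregistered }
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return "", err }
	shared, err := eph.ECDH(pub)
	if err != nil { return "", err }
	g, err := aead(shared)
	if err != nil { return "", err }
	c.seq[target]++
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], c.seq[target])
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return "", err }
	// Wire format: ephemeral pub (32) | counter (4, bound as AAD) | nonce (12) | ciphertext+tag.
	raw := append(append(append(eph.PublicKey().Bytes(), ctr[:]...), nonce...), g.Seal(nil, nonce, plain, ctr[:])...)
	sms := base64.StdEncoding.EncodeToString(raw)
	if len(sms) > smsTextLimit { return "", ErrOversize }
	return sms, nil
}

// Open is the device side: rebuild the key, reject a non-increasing counter, then decrypt.
func (d *Device) Open(sms string) (kind, body string, err error) {
	raw, err := base64.StdEncoding.DecodeString(sms)
	if err != nil { return "", "", err }
	if len(raw) < 32+4+12+16 { return "", "", errors.New("device: message too short") }
	ephPub, err := ecdh.X25519().NewPublicKey(raw[:32])
	if err != nil { return "", "", err }
	seq := binary.BigEndian.Uint32(raw[32:36])
	if seq <= d.lastSeq { return "", "", ErrReplay }
	shared, err := d.priv.ECDH(ephPub)
	if err != nil { return "", "", err }
	g, err := aead(shared)
	if err != nil { return "", "", err }
	plain, err := g.Open(nil, raw[36:48], raw[48:], raw[32:36])
	if err != nil { return "", "", err }
	d.lastSeq = seq // advance only once the tag has verified
	kind, body, _ = strings.Cut(string(plain), ":")
	return kind, body, nil
}

func main() {
	dev, _ := NewDevice("+15550001111") // constructed sample device
	c := NewConsole()
	c.Register(dev)
	sms, err := c.Send(dev.ID, "LOCATE", "", true)
	fmt.Println(len(sms), err)
	fmt.Println(dev.Open(sms))
	fmt.Println(dev.Open(sms)) // the same SMS delivered twice is rejected as a replay
}
```

Two checks matter more than the cipher choice. A secure send to a device without a registered key returns ErrUnregistered rather than falling back to clear text, which is the error path the patent describes; and the device advances lastSeq only after the GCM tag verifies, so a forged or corrupted SMS cannot burn a counter and cause a later legitimate message to be rejected. Because a command such as a data wipe travels over a channel where a captured message can simply be resent, the counter check is what stops a replayed wipe. The size budget is the other practical constraint the patent raises: with 64 bytes of overhead, the sealed form of a 56-byte plaintext is the most that fits in one 160-character SMS, so longer payloads need concatenated SMS or a different channel.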
Description
- This application claims the benefit of the following applications which are also incorporated herein by reference as if expressly set forth:
- U.S. Provisional Patent Application No. 61/557,598 filed Nov. 9, 2011 entitled “Systems And Methods For Enabling Secure Messaging, Command, And Control Of Remote Devices, Communicated Via A Short Message Service Or Other Message Oriented Communications Mediums” [attorney docket 5579-8];
- U.S. Provisional Patent Application No. 61/556,635 filed Nov. 7, 2011 entitled “Secure Messaging” [attorney docket 5579-4] and counterpart nonprovisional application Ser. No. ______ filed concurrently herewith;
- U.S. Provisional Patent Application No. 61/556,652 filed Nov. 7, 2011 entitled “Systems And Methods Using One Time Pads During The Exchange Of Cryptographic Material” [attorney docket 5579-6] and counterpart non-provisional application Ser. No. ______ filed concurrently herewith,
- U.S. patent application Ser. No. 12/940,213 filed Nov. 5, 2010 [attorney docket 5579-3];
- U.S. Provisional Patent Application No. 61/351,979 filed Jun. 7, 2010 [attorney docket 5579-2].
- The technology herein relates to message security, and more particularly to secure exchange of message oriented and/or command and control data between at least one server class system e.g. utilized by an organization and at least one peer system over potentially diverse communications paths. The technology herein further relates to a server class system that can also act as a gateway for other applications to exchange secure messages with at least one peer system.
- Today, a significant amount of information is communicated via the Short Message Service (SMS) infrastructure that is provided by mobile phone carriers worldwide. Other message oriented communications paths also exist, such as Twitter and Google Groups. This type of communication has become widely popular over traditional voice conversations because it offers the participants some semblance of privacy: a bystander can no longer simply overhear at least part of a conversation. In this simple case, an interloper needs to be close enough to read the screen of the communicating device.
- While a naive user may believe that text conversations are private, in fact a nefarious party can easily purchase technology over the Internet or elsewhere that allows them to monitor the communications exchange. Thus, no real security exists in the vast majority of modern text messaging. An attacker can easily intercept and read the texts you send to your friends, your family, your business colleagues and others.
- Even with the inherent security risks, many entities who ought to be concerned about security and secrecy have embraced the technology due to the immediacy of the communications. Doctors and nurses may use the technology to exchange patient information, even though this type of information is required by law to be secured. Financial institutions often send updates to their customers about their account balances, transactions, trades, etc., that could easily be intercepted by malicious parties. Other use cases abound.
- Some shy away from using these communications paths due to the insecurity, but these vital and resilient communication channels have proven useful during times when other paths such as traditional voice and data networks are either overloaded or inaccessible, especially during natural or unanticipated disasters. During these occurrences, it has been well documented, even by the US government, that "because wireless networks may be congested during an emergency, sending a text message may work better than placing a voice call." (http://www.fcc.gov/guides/emergency-communications)
- Consider government officials who need to exchange secure but potentially unclassified information. Other critical infrastructure such as a country's energy grid, sensors, or other machine to machine (M2M) communications provide for command and control of the equipment. Individuals with mal-intent could easily create havoc during the exchange of information in these scenarios.
- Thus, with the proliferation of mobile, portable, or other remote computing devices being utilized in day-to-day communications, retaining secure access to these devices is of paramount importance. The prior art is filled with examples of how to provide secure communications with these devices over traditional data interconnects such as IP based networks, virtual private networks, transport layer security, etc.
- However, many of these mediums are bandwidth constrained. Trying to layer traditional methods of securing communications onto these environments may prove fruitless as well as potentially exacerbate an already difficult situation. Therefore, it would be highly desirable to provide a lightweight solution that enables secure access to and communications with these computing devices over message oriented channels as an alternative.
- Furthermore, many systems today are unable to participate in any correspondence via this technology, or are saddled with additional overhead when communicating information to peer systems through some existing gateway infrastructure.
- The exemplary illustrative non-limiting technology herein addresses these needs in a multitude of ways. It provides methods and systems, implemented by a server based computing system utilized by an organization or entity, to communicate securely with mobile, portable, or other embedded systems via message oriented communications facilities.
- An example non-limiting Protected Mobility Enterprise Console (PMEC) allows an organization or entity to utilize these alternate communications paths through a provided console interface and/or via exposed web services that other applications can use to send and receive potentially private information. The exemplary illustrative non-limiting technology herein provides, among other things, security of communications between the PMEC and collaborating devices.
- To enable secure exchange of message oriented communications and maintain access to cooperating devices, services such as those provided by a protected mobility enterprise console (PMEC) can be utilized. In one exemplary illustrative non-limiting arrangement, the PMEC is an application that can be installed by a given organization on a generic computer based platform, or provided as a hosted/managed service for a given entity. Its illustrative non-limiting core functionality allows individuals, operators, or other applications to securely exchange sometimes critical information with other devices that are within its domain. The exchange of information can be accomplished over Internet related protocols such as HTTP, alternatively through messaging services that provide gateway services to wireless network short messaging services, or directly through interconnects with communication carriers.
- Enabling more than one communications path to potentially critical infrastructure or personnel via the cooperating computing devices provides for resiliency of information flow and in some cases helps maintain business continuity. First responders, governments, military, may also find these services useful.
- These and other features and advantages will be better and more completely understood by referring to the following detailed description of exemplary non-limiting illustrative embodiments in conjunction with the drawings of which:
- FIG. 1 is a block diagram of a non-limiting example illustrative PMEC based system.
- FIG. 1A is an example illustrative flowchart of program control steps stored in a non-transitory storage medium and executed by the example illustrative PMEC.
- FIG. 2 is a non-limiting sample web page or other display used to input operator/administrator credentials to access/configure PMEC functionality.
- FIG. 3 is a non-limiting sample web page or other display used to provide the operator/administrator with a quick "dashboard" overview.
- FIG. 4 is a non-limiting sample web page or other display used to display information about a particular user associated with the PMEC.
- FIG. 5 is a non-limiting sample web page or other display used to display information about groups of users associated with the PMEC.
- FIG. 6 is a non-limiting sample web page or other display used to display information about groups of users/devices associated with the PMEC.
- FIG. 7 is a non-limiting sample web page or other display used to display reporting information about the state of different commands/message oriented communications exchanged with a particular group, user or device.
- FIG. 8 is a non-limiting sample web page or other display used to display information about administrators and operators, as well as an audit of the functions/communications that have been requested by the person, and which also allows the addition/deletion of administrators/operators.
- FIG. 9 is a non-limiting sample web page or other display used to allow entry and display of configuration and system parameters used in the exemplary non-limiting operation of the application.
- FIG. 10 is a non-limiting sample web page or other display used to allow the addition/deletion as well as display of the different exemplary device types that the system is in communication with.
- FIG. 11 is a non-limiting sample web page or other display used to allow the addition/deletion as well as the display of different communications carriers the system ultimately may use to communicate with the exemplary devices.
- FIGS. 12A and 12B are a non-limiting sample web page or other display used to allow entry of an illustrative message that will be subsequently sent to a selected user/device.
FIG. 1 shows an example non-limiting schematic diagram of asystem 10 including a Protected Mobility Enterprise Console (PMEC) 20. In the example shown,PMEC 20 is located behind the firewall 40 of an enterprise (e.g., organization or entity) and communicates with an organization/entity network 42. Computing devices 34 such as personal computers, laptop computers, smart phones, tablet computers and a variety of other devices can communicate vianetwork 42 withPMEC 20 and vice versa.PMEC 20 can be located anywhere. If located in the cloud or provided by a managed service provider for the customer,PMEC 20 would be moved from inside the organizations network to the other side of the organization's firewall 40. PMEC services could then be securely access using any number of communications technologies such as VPNs, transport level security such as SSL/TLS, direct connection between the organizations and the cloud service providers network, etc. - As shown in
FIG. 1 , theexample non-limiting PMEC 20 is logically architected into separate functional areas or modules, each providing separate capabilities that may be geographically/physically dispersed to enable the system to scale. They are for example: - Operator/Administrator interface (22)
- Web service interface (24)
- Cryptographic interface (26)
- Message Router/transport interface (28)
- Gateway interfaces (30)
- Auditing/reporting interface (32).
- In the example shown,
PMEC 20 interacts with a variety of devices that may connect to it from the Internet or other data network(s) and/or from voice/cellular network(s) 46. For example,PMEC 20 can securely or insecurely interact with cellular capable devices 46 a such as smart phones, cellular telephones, tablet computers, laptop computers and the like that communicate using GSM, LTE or other cellular wireless protocols.PMEC 20 can also interact securely or insecurely with WiFi or other networked devices 44 a such as laptop computers, tablet computers, smartphones, etc. that interconnect with the internet/data network(s) 44. It is also compatible with third party SMS/messaging service provider(s) 50 that in turn may interconnect with the voice/cellular network(s) 46 and the Internet/data network(s) 44. - After installation, Operators/Administrators use the operators services 22 interface to configure/manage the
PMEC 20 application (FIG. 1A , block 82). The operator services 22 may employ a database service to hold configuration, policy, and/or key information, or this information can be inputted on demand, or both. Communications with at least one cooperating device can also be instantiated through this interface as it uses the facilities of the other provided services 24-32 to complete the task - After configuration, and access to the
web service interface 24 is enabled, other applications can now interact with the exposed API via standard protocols such as HTTP(s) or other common remote procedure call mechanism that may be used for inter-process communications (FIG. 1A , block 84). The API allows other applications to exchange message-oriented communications, including but not limited to, locating a device, sending information, (de)registering devices, etc., with the at least one device that is within the PMEC's domain. - Whether the message oriented communications is generated via the
Web user interface 24, or through communications via the Web services interface, for secure messaging thePMEC 20 may use itscryptographic service interface 26 to secure the message if the at least one device is registered within the PMEC's domain (FIG. 1A , block 86, 88). Given the appropriate cryptographic material, the cryptographic services interface 26 will appropriately cipher the message and return it for further processing by thePMEC 20. - While
PMEC 20 can send and receive secure messages, sending/receiving non secure messages is also possible (i.e.FIG. 1A ). Clearly this would be the case if thePMEC 20 did not have an associated public keys for a device. However, in the example non-limiting implementation, an operator/application may also choose to send a clear text message. If the application/operator chooses to send a secure message, and an associated public key is not known by the PMEC, an error can be returned. - Assuming no error has occurred, once the message has been processed by the cryptographic service interface, the PMEC's message router 28 is then handed the message to correctly exchange the communiqué with its intended target(s) (
FIG. 1A , block 88). If the message is outbound, the message is handed off toPMEC gateway service 50 for ultimate distribution via the at least one message gateway service such as etherSMS™. If the information is inbound, the message is then handed off to either the WebUser interface service 24 and/or the Web Services interface for consumption by the Administrator/operator, an external application in communications with the Web Service API, or both. - If the message router 28 determines that the message is destined for at least one of the devices that is within the PMEC's domain, based on policy and configuration, the service will then forward the communiqué via the at least one of the configured messaging channel (
FIG. 1A , block 90). The messaging channel interconnects can be Internet based service such as etherSMS™, Skype, Twitter, to a wireless carrier's network 46, other, etc. Alternate paths for the communications to occur can be easily envisioned by those skilled in the art. - In one example non-limiting configuration, the
PMEC 20 in conjunction with a cooperating computer application such as ProtectedSMS, as defined in co-pending patent application No. 61/556,635 filed Nov. 7, 2011 entitled “Secure Messaging” [attorney docket 5579-4], enables message-oriented communications to be exchanged with various ones of such devices in a secure manner. By using the defined lightweight Contact Registration Exchange as described in co-pending application co-pending patent application No. 61/556,635 filed Nov. 7, 2011 entitled “Secure Messaging” [attorney docket 5579-4] the PMEC can establish a database of public key(s) for devices in within its domain. - Assuming secure messaging is desired, once the public keys are exchanged via the mechanisms outlined in co-pending application co-pending patent application No. 61/556,635 filed Nov. 7, 2011 entitled “Secure Messaging” [attorney docket 5579-4] between the at least one target device and a PMEC (e.g. registered), message-oriented communications can be sent or received securely. In one exemplary embodiment illustrated in
FIGS. 12A and 12B , thePMEC 20 is able to send a number of different command and control messages to the at least one collaborative device. - In this non-limiting example, the
PMEC 20 can initiate a command to the device such as to: - Unregister or deregister
- Reset Pin
- Locate
- Wipe Data
- Disable Pin
- other
along with sending and/or receiving secure text messages, as illustrated by FIG. 12.

Additional services can be provided. For example, there may be a need to send the same information, such as a “locate” command, to multiple recipients. In one example scenario, a team of first responders is in the field handling a situation, and a commander may need to determine the location of his/her team members. As indicated in FIG. 5, an administrator can easily define groups of users and/or devices. By simply selecting the group via the non-limiting illustrative web user interface, an operator can send a locate command/request to a plurality of devices associated with the selected group. As each request/response is processed, the operator of the PMEC 20 can view the status of each command. The location of each device may be reported back to the PMEC 20 as GPS or other location coordinates that can be displayed via existing mapping applications such as Google Maps. More sophisticated maps could be used to give in-building or three-dimensional displays of the location of each device.

Another advantage of group communications can be realized by the PMEC 20 acting as the relay agent for multiparty communications. When the at least one device responds to a group text message, the PMEC 20 can replicate that response and send it to the other members of the group. This can reduce cost under some current pricing models for message-oriented communications. In one illustrative example, many communications carriers charge for each message sent and for each message received. Without the PMEC 20, if one of a plurality of devices responds to a group message, that device would have to send a message to each other participant in the group. With the PMEC 20 involved, the initiating device sends the message once to the PMEC, which then replicates it, potentially reducing the total number of messages communicated.

In one illustrative embodiment, each operator/administrator may log in via the web user interface to access the services available via the console.
FIG. 2 is one non-limiting example of a login page. Here, credential information is captured and validated against an entity's policy information to determine who, what, when, where, and how a particular operator/administrator may access the PMEC services. The credential information is also used to create an audit trail of the operator/administrator's actions.

FIG. 3 is a non-limiting example of a landing page shown once a user's credentials have been verified. This “dashboard” may list information about the health and status of the system; however, based on the role of the individual, more or less information may be displayed. As an illustrative non-limiting example, a certain operator may have restricted access to information pertaining to certain groups. The operator may also be restricted from registering new devices, reconfiguring system parameters, reviewing audit logs, etc.
FIG. 4 is a non-limiting example of a web page allowing an operator/administrator to enter/modify/delete information regarding users within the PMEC's domain. This information may be used to help an operator/administrator manage communications to at least one device, depending on how an entity chooses to associate devices and users.

As described previously, in FIG. 5 the non-limiting illustrative embodiment allows an authorized operator/administrator to create groups of devices or users. As depicted, these groups can be defined as a collection of users, devices, or both. This allows an entity to flexibly communicate with, or issue command and control messages to, individuals who may have more than one device. Alternatively, if the devices are headless or have no user associated with them, the entity can easily communicate with a subset of devices within the PMEC's domain.
FIG. 6 is a non-limiting illustrative embodiment of a web page that allows an authorized operator/administrator to add/modify/delete devices within the PMEC's domain. Through this interface, information such as carrier, type of device, phone number/network identifier, etc. can be easily entered and recorded for subsequent use by the system.

FIG. 7 is a non-limiting illustrative embodiment of a web page that allows an authorized operator/administrator to review system logs and the audit trail. As indicated by the exemplary diagram, the information can be sorted or filtered by any number of parameters, such as operator/administrator name, command/message type, date range, etc., to limit the information displayed. Other sorting or reporting facilities can be easily envisioned by those schooled in the art.

FIG. 8 is a non-limiting illustrative embodiment of a web page that allows an authorized user to add/delete/modify administrators/operators of the PMEC system. In some environments, certain privileges and rights can be assigned to each operator/administrator, potentially limiting access to PMEC 20's functionality. Other information, including but not limited to an audit trail of what operations a particular operator/administrator issued, may also be displayed.
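As an added example that is not part of the patent or of any Protected Mobility product, the following Python model ties together the control path described above: the operator policy check and audit trail (FIGS. 2, 3, 7 and 8), the rule that command and control messages go only to devices whose public key has been registered, the per-device status of a group command (FIG. 5), and the PMEC relaying a group text so the sender transmits it only once. Every device identifier, operator, group and policy in it is constructed for illustration.

```python
# Added example, not the patent's own code: an in-memory model of the PMEC
# control path described above.  Operators are checked against a policy before
# a command is issued, every decision lands in the audit trail, commands go only
# to devices whose public key is registered, a group command reports per-device
# status, and a group text is relayed so the sender transmits it only once.
# Every identifier, device, operator and policy below is constructed.
from dataclasses import dataclass, field
from typing import Optional

COMMANDS = {"unregister", "reset_pin", "locate", "wipe_data", "disable_pin"}


@dataclass
class Device:
    network_id: str                     # phone number / network identifier
    group: str
    public_key: Optional[bytes] = None  # set by the Contact Registration Exchange


@dataclass
class Operator:
    name: str
    groups: frozenset    # groups this operator may address
    commands: frozenset  # commands this operator may issue


@dataclass
class PMEC:
    devices: dict = field(default_factory=dict)
    operators: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)
    outbound: list = field(default_factory=list)  # messages handed to the router

    def register(self, network_id: str, public_key: bytes) -> None:
        """Record a device's public key once the registration exchange completes."""
        self.devices[network_id].public_key = public_key

    def _authorize(self, operator: str, command: str, group: str) -> bool:
        """Policy check; allowed and denied attempts are both audited."""
        op = self.operators[operator]
        allowed = command in op.commands and group in op.groups
        self.audit_log.append((operator, command, group, "allowed" if allowed else "denied"))
        return allowed

    def send_group_command(self, operator: str, command: str, group: str) -> dict:
        """Issue a command to each registered device in a group; return per-device status."""
        if command not in COMMANDS:
            raise ValueError(f"unknown command {command!r}")
        if not self._authorize(operator, command, group):
            return {}
        status = {}
        for dev in self.devices.values():
            if dev.group != group:
                continue
            if dev.public_key is None:  # no key on file: cannot build a secure message
                status[dev.network_id] = "skipped: not registered"
                continue
            self.outbound.append((dev.network_id, command))
            status[dev.network_id] = "sent"
        return status

    def relay_group_text(self, sender_id: str, text: str) -> int:
        """Sender sends once to the PMEC, which replicates to the other registered
        members of the sender's group.  Returns how many copies the PMEC sent."""
        sender = self.devices[sender_id]
        recipients = [d for d in self.devices.values() if d.group == sender.group
                      and d.network_id != sender_id and d.public_key is not None]
        for d in recipients:
            self.outbound.append((d.network_id, f"relay from {sender_id}: {text}"))
        return len(recipients)


def demo():
    """Constructed domain: three responder devices (one unregistered), one finance device."""
    pmec = PMEC()
    for nid, grp in [("+15550001", "responders"), ("+15550002", "responders"),
                     ("+15550003", "responders"), ("+15550009", "finance")]:
        pmec.devices[nid] = Device(nid, grp)
    for nid in ("+15550001", "+15550002", "+15550009"):
        pmec.register(nid, b"constructed-public-key-" + nid.encode())
    pmec.operators["commander"] = Operator("commander", frozenset({"responders"}),
                                           frozenset({"locate", "reset_pin"}))
    pmec.operators["helpdesk"] = Operator("helpdesk", frozenset({"finance"}),
                                          frozenset({"reset_pin", "disable_pin"}))
    locate = pmec.send_group_command("commander", "locate", "responders")
    wipe = pmec.send_group_command("commander", "wipe_data", "responders")  # not in role
    cross = pmec.send_group_command("helpdesk", "reset_pin", "responders")  # wrong group
    relayed = pmec.relay_group_text("+15550001", "on scene, sector 4")
    return pmec, locate, wipe, cross, relayed
```

The denied attempts still appear in the audit trail, which is the property an operator reviewing FIG. 7's log would rely on; the relay count is the number of carrier messages the initiating device avoided sending itself.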
FIG. 9 is a non-limiting illustrative embodiment of a web page that allows an authorized administrator/operator to enter configuration for the PMEC system. Information that may be entered by the operator/administrator includes, but is not limited to, a specific site name, credential information for gateway services such as those provided by etherSMS™, the polling interval (if any) for message-oriented communications, delivery attempts, retry timeouts, one-time passcode requirements as defined by co-pending U.S. Provisional Patent Application No. 61/556,652 filed Nov. 7, 2011 entitled “Systems And Methods Using One Time Pads During The Exchange Of Cryptographic Material” [attorney docket 5579-6], etc. Other configuration and policy information can easily be envisioned by those schooled in the art.

Similarly, FIG. 10 and FIG. 11 are non-limiting illustrative embodiments of web pages that enable an authorized operator/administrator to add/modify/delete the device types and carriers that the authorized administrator/operator will use when defining user/device account/profile/configuration information. For instance, based on a specified carrier, configuration may include, but is not limited to, the email gateway information used for sending SMS information, what MMS URL to use, etc. Device type information may include, but is not limited to, message limitations, any transcoding that may be necessary, what interface to use (such as etherSMS™ or cellular messaging services), etc. Other information can be easily envisioned by those schooled in the art.

Along with the operator/administrator interface, the PMEC exposes a number of APIs via a web services interface that other applications may use to exchange message-oriented and/or command and control information to and from devices within the PMEC's domain. This service can then be accessed by an entity's other applications, including but not limited to Customer Relationship Management (CRM), Machine-to-Machine (M2M) communications for infrastructure command and control, etc. If a device's/user's cryptographic credentials have been registered with the at least one PMEC, applications can communicate securely with the intended device(s) and/or user(s).
Consider the following non-limiting usage scenario: a financial institution would like to send alert information to at least one of its customers via message-oriented communications, due to the immediacy of the information. In many cases today, an institution may send an email; however, access can be cumbersome. The user may not be notified of the availability of the information, as they may have to log onto a website to gain access to their email, etc., delaying the notification. Furthermore, the exchange may take multiple steps to provide the information to the intended party. Other impediments can be easily envisioned. Instead, by using the PMEC 20, the same financial application that generated the email can send an alert to the at least one customer via an alternative message-oriented communication. This information can be delivered to the at least one customer's device in a secure manner. Through the web service API, the application sends the PMEC 20, via standard protocols such as Internet HTTP(S), the user/device identification information (e.g. name, phone number, network ID, etc.) along with the information to be sent. The PMEC 20 then generates a secure message through its cryptographic services. Once complete, and together with a companion product such as ProtectedSMS, as described in co-pending U.S. Provisional Patent Application No. 61/556,635 filed on Nov. 7, 2011 entitled “Secure Messaging” [attorney docket 5579-4], that is installed on the at least one customer's device, the PMEC forwards the secure message to the at least one customer's device via its message router service, sending the message via the at least one gateway service such as etherSMS™. Alternate paths may also be available and/or used in conjunction with communications that take least cost routing, etc. into consideration. Because ProtectedSMS also allows messages to require a read return receipt, the initiating application can then determine whether the message was received by the intended at least one customer device and whether the operator opened the message.

Alternatively, a similar scenario can be easily envisioned using the PMEC's group functionality to exchange message-oriented communications securely with a plurality of customers/devices.

The PMEC can also interface with additional gateway services, such as those provided by etherSMS™, to enable communications via cellular wireless SMS channels or within the etherSMS™ network, via other Internet-based messaging services (Twitter, Skype, Peep, etc.), or directly to cellular wireless carriers' networks, based on its configuration and/or the infrastructure available.

While the technology herein has been described in connection with exemplary illustrative non-limiting embodiments, the invention is not to be limited by the disclosure. The invention is intended to be defined by the claims and to cover all corresponding and equivalent arrangements whether or not specifically disclosed herein.
Claims (11)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/670,994 US8924706B2 (en) | 2010-11-05 | 2012-11-07 | Systems and methods using one time pads during the exchange of cryptographic material |
US13/671,026 US9172680B2 (en) | 2010-06-07 | 2012-11-07 | Systems and methods for enabling secure messaging, command, and control of remote devices, communicated via a short message service or other message oriented communications mediums |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US35197910P | 2010-06-07 | 2010-06-07 | |
US12/940,213 US9602277B2 (en) | 2010-06-07 | 2010-11-05 | User interface systems and methods for secure message oriented communications |
US201161556635P | 2011-11-07 | 2011-11-07 | |
US201161556652P | 2011-11-07 | 2011-11-07 | |
US201161557598P | 2011-11-09 | 2011-11-09 | |
US13/671,026 US9172680B2 (en) | 2010-06-07 | 2012-11-07 | Systems and methods for enabling secure messaging, command, and control of remote devices, communicated via a short message service or other message oriented communications mediums |
Publications (2)
Publication Number | Publication Date |
---|---|
US20130282904A1 true US20130282904A1 (en) | 2013-10-24 |
US9172680B2 US9172680B2 (en) | 2015-10-27 |
Family
ID=49381196
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/671,026 Expired - Fee Related US9172680B2 (en) | 2010-06-07 | 2012-11-07 | Systems and methods for enabling secure messaging, command, and control of remote devices, communicated via a short message service or other message oriented communications mediums |
Country Status (1)
Country | Link |
---|---|
US (1) | US9172680B2 (en) |
Legal Events
Code | Title | Description
---|---|---
AS | Assignment | Owner name: PROTECTED MOBILITY, LLC, MARYLAND. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: MARLOW, WILLIAM J.; CICHIELO, ROBERT; STURNIOLO, EMIL; AND OTHERS; SIGNING DATES FROM 20130620 TO 20130701; REEL/FRAME: 030729/0268
ZAAA | Notice of allowance and fees due | Free format text: ORIGINAL CODE: NOA
ZAAB | Notice of allowance mailed | Free format text: ORIGINAL CODE: MN/=.
STCF | Information on status: patent grant | Free format text: PATENTED CASE
FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY
LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY
STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362
FP | Lapsed due to failure to pay maintenance fee | Effective date: 20191027
PRDP | Patent reinstated due to the acceptance of a late maintenance fee | Effective date: 20200324
FEPP | Fee payment procedure | Free format text: PETITION RELATED TO MAINTENANCE FEES GRANTED (ORIGINAL EVENT CODE: PMFG); PETITION RELATED TO MAINTENANCE FEES FILED (ORIGINAL EVENT CODE: PMFP); SURCHARGE, PETITION TO ACCEPT PYMT AFTER EXP, UNINTENTIONAL. (ORIGINAL EVENT CODE: M2558); ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY
MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY. Year of fee payment: 4
STCF | Information on status: patent grant | Free format text: PATENTED CASE
AS | Assignment | Owner name: GLOBAL INTEGRITY, INC., VIRGINIA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNOR: PROTECTED MOBILITY, LLC; REEL/FRAME: 058632/0997. Effective date: 20220112
FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY
LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY
STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362
FP | Lapsed due to failure to pay maintenance fee | Effective date: 20231027